Vulnerability Bulletins |
Denial of service in Apache |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Denial of service |
Difficulty | Advanced |
Required attacker level | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected manufacturer | UNIX |
Affected software |
Apache 2 httpd < 2.0.49; Apache 1.3 httpd < 1.3.31; Mac OS X 10.3.3; Mac OS X 10.2.8 |
Description |
|
A design error has been discovered in versions of Apache 2 prior to 2.0.49 and in version 1.3.31 of Apache. Exploiting this error could allow a remote attacker to cause a denial of service by establishing a specially crafted connection. The error occurs in Apache on AIX, Solaris and Tru64, but not on Linux or FreeBSD. |
|
Solution |
|
Software update

Apache
  Apache httpd 1.3.31
  Apache httpd 2.0.49
  http://httpd.apache.org/download.cgi

HP
  hp-ux apache-based web server v.2.03
  http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
  HP-UX B.11.04
    Virtualvault A.04.70: install patches PHSS_30944 (Virtualvault 4.7 IWS update) and PHSS_31058 (Virtualvault 4.7 OWS update)
    Virtualvault A.04.60: install patches PHSS_30946 (Virtualvault 4.6 IWS update) and PHSS_31057 (Virtualvault 4.6 OWS update)
    Virtualvault A.04.50: install patches PHSS_30647 (Virtualvault 4.5 IWS update) and PHSS_30648 (Virtualvault 4.5 OWS update)
    Webproxy A.02.10: install patch PHSS_30950 (Webproxy server 2.1 update)
    Webproxy A.02.00: install patch PHSS_30949 (Webproxy server 2.0 update)
    http://software.hp.com
  IPv4
    Users of HP-UX B.11.00 and HP-UX B.11.11: install revision hpuxwsAPACHE A.2.0.49.00
    Users of HP-UX B.11.22: install revision hpuxwsAPACHE B.11.23
  IPv6
    Users of HP-UX B.11.11 and HP-UX B.11.23: install revision hpuxwsAPACHE B.2.0.49.00

Apple
  Mac OS X 10.3.3 - Client
    http://www.apple.com/support/downloads/securityupdate_2004-05-03_(10_3_3_Client).html
  Mac OS X 10.3.3 - Server
    http://www.apple.com/support/downloads/securityupdate.html
  Mac OS X 10.2.8 - Client
    http://www.apple.com/support/downloads/securityupdate_2004-05-03_(10_2_8_Client).html
  Mac OS X 10.2.8 - Server
    http://www.apple.com/support/downloads/securityupdate_2004-05-03_(10_2_8_Server).html

Mandrake Linux
  Mandrake Linux 9.1
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache-1.3.27-8.2.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache-devel-1.3.27-8.2.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache-modules-1.3.27-8.2.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache-source-1.3.27-8.2.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/apache-1.3.27-8.2.91mdk.src.rpm
    PPC
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache-1.3.27-8.2.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache-devel-1.3.27-8.2.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache-modules-1.3.27-8.2.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache-source-1.3.27-8.2.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/apache-1.3.27-8.2.91mdk.src.rpm
  Mandrake Linux 9.2
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache-1.3.28-3.2.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache-devel-1.3.28-3.2.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache-modules-1.3.28-3.2.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache-source-1.3.28-3.2.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/apache-1.3.28-3.2.92mdk.src.rpm
    AMD64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache-1.3.28-3.2.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache-devel-1.3.28-3.2.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache-modules-1.3.28-3.2.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache-source-1.3.28-3.2.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/apache-1.3.28-3.2.92mdk.src.rpm
  Mandrake Multi Network Firewall 8.2
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/apache-1.3.23-4.4.M82mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/apache-common-1.3.23-4.4.M82mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/apache-modules-1.3.23-4.4.M82mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/SRPMS/apache-1.3.23-4.4.M82mdk.src.rpm
  Mandrake Corporate Server 2.1
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-1.3.26-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-common-1.3.26-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-devel-1.3.26-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-manual-1.3.26-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-modules-1.3.26-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-source-1.3.26-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/apache-1.3.26-7.1.C21mdk.src.rpm
    x86_64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-1.3.26-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-common-1.3.26-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-devel-1.3.26-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-manual-1.3.26-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-modules-1.3.26-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-source-1.3.26-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/apache-1.3.26-7.1.C21mdk.src.rpm
  Mandrakelinux 10.0
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache-1.3.29-1.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache-devel-1.3.29-1.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache-modules-1.3.29-1.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache-source-1.3.29-1.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/apache-1.3.29-1.1.100mdk.src.rpm

Mandrake Linux (apache-mod_perl)
  Mandrakelinux 9.1
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/HTML-Embperl-1.3.27_1.3.4-7.1.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/apache-mod_perl-1.3.27_1.27-7.1.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/mod_perl-common-1.3.27_1.27-7.1.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/mod_perl-devel-1.3.27_1.27-7.1.91mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/apache-mod_perl-1.3.27_1.27-7.1.91mdk.src.rpm
    PPC
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/HTML-Embperl-1.3.27_1.3.4-7.1.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/apache-mod_perl-1.3.27_1.27-7.1.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/mod_perl-common-1.3.27_1.27-7.1.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/mod_perl-devel-1.3.27_1.27-7.1.91mdk.ppc.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/apache-mod_perl-1.3.27_1.27-7.1.91mdk.src.rpm
  Mandrakelinux 9.2
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/HTML-Embperl-1.3.28_1.3.4-1.1.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/apache-mod_perl-1.3.28_1.28-1.1.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/mod_perl-common-1.3.28_1.28-1.1.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/mod_perl-devel-1.3.28_1.28-1.1.92mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/apache-mod_perl-1.3.28_1.28-1.1.92mdk.src.rpm
    AMD64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/HTML-Embperl-1.3.28_1.3.4-1.1.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/apache-mod_perl-1.3.28_1.28-1.1.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/mod_perl-common-1.3.28_1.28-1.1.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/mod_perl-devel-1.3.28_1.28-1.1.92mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/apache-mod_perl-1.3.28_1.28-1.1.92mdk.src.rpm
  Mandrakelinux 10.0
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/HTML-Embperl-1.3.29_1.3.6-3.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/apache-mod_perl-1.3.29_1.29-3.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/mod_perl-common-1.3.29_1.29-3.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/mod_perl-devel-1.3.29_1.29-3.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/apache-mod_perl-1.3.29_1.29-3.1.100mdk.src.rpm
    AMD64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/HTML-Embperl-1.3.29_1.3.6-3.1.100mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/apache-mod_perl-1.3.29_1.29-3.1.100mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/mod_perl-common-1.3.29_1.29-3.1.100mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/mod_perl-devel-1.3.29_1.29-3.1.100mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/apache-mod_perl-1.3.29_1.29-3.1.100mdk.src.rpm
  Corporate Server 2.1
    i386
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/HTML-Embperl-1.3.26_1.3.4-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/apache-mod_perl-1.3.26_1.27-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/mod_perl-common-1.3.26_1.27-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/mod_perl-devel-1.3.26_1.27-7.1.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/apache-mod_perl-1.3.26_1.27-7.1.C21mdk.src.rpm
    X86_64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/HTML-Embperl-1.3.26_1.3.4-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/apache-mod_perl-1.3.26_1.27-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/mod_perl-common-1.3.26_1.27-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/mod_perl-devel-1.3.26_1.27-7.1.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/apache-mod_perl-1.3.26_1.27-7.1.C21mdk.src.rpm

Sun
  Solaris 9
    SPARC
      http://sunsolve.sun.com/search/document.do?assetkey=1-21-113146-05-1
    x86
      http://sunsolve.sun.com/search/document.do?assetkey=1-21-114145-04-1
  Solaris 8
    SPARC
      http://sunsolve.sun.com/search/document.do?assetkey=1-21-116973-01-1
    x86
      http://sunsolve.sun.com/search/document.do?assetkey=1-21-116974-01-1
  SPARC Platform
    Solaris 8 with patch 116973-02 or later
    Solaris 9 with patch 113146-05 or later
  x86 Platform
    Solaris 8 with patch 116974-02 or later
    Solaris 9 with patch 114145-04 or later |
|
Standard resources |
|
Property | Value |
CVE | CAN-2004-0174 |
BID | |
Other resources |
|
Overview of security vulnerabilities in Apache httpd 2.0
  http://www.apacheweek.com/features/security-20
Overview of security vulnerabilities in Apache httpd 1.3
  http://www.apacheweek.com/features/security-13
HP Security Bulletin HPSBUX01022
  http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01022
Apple Security Updates
  http://docs.info.apple.com/article.html?artnum=61798
MandrakeSoft Security Advisory MDKSA-2004:046
  http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:046
Mandrakesoft Security Advisory MDKSA-2004:046-1
  http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:046-1
HP Security Bulletin HPSBTU01049
  http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01049
HP Security Bulletin HPSBUX01069
  http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01069
Sun(sm) Alert Notification 57628
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
Sun Alert Notification (101555)
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1&searchclause=%22category:security%22%20%22availability,%20security%22%20category:security.com |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2004-03-22 |
2.0 | Apache 1.3.29 is also vulnerable | 2004-04-14 |
2.1 | Advisory issued by HP (HPSBUX01022) | 2004-04-27 |
2.2 | Advisory issued by Apple | 2004-05-04 |
2.3 | Apache 1.3.31 and 2.0.49 available | 2004-05-14 |
2.4 | Advisory issued by Mandrake (MDKSA-2004:046) | 2004-05-18 |
2.5 | Advisory issued by Mandrake (MDKSA-2004:046-1) | 2004-05-21 |
2.6 | Advisory updated by HP (HPSBUX01022) | 2004-07-15 |
2.7 | Advisory issued by HP (HPSBTU01049) | 2004-08-10 |
2.8 | Advisory issued by HP (HPSBUX01069) | 2004-08-13 |
2.9 | Advisory issued by Sun (57628) | 2004-09-09 |
2.10 | Advisory updated by Sun (57628) | 2004-10-13 |
2.11 | Advisory updated by Sun (101555) | 2005-08-19 |